On Tue, Oct 14, 2003 at 02:47:54PM -0500, Aaron Axelsen wrote:
> I stumbled accross RSSH and it looked like it could solve all my
> issues. We are trying to set up an enviroment with sftp allowing
> users to be chrooted to their home account so they cannot go
> snooping around other locations on the system.
It is possible to do this, but I don't recommend that, at least not
exactly. The documentation explains why, so I won't reiterate it
here. It is better to create ONE chroot jail for all your users, and
then limit users' access to directories based on Unix file
permissions. This is almost as good for your purposes, and much more
managable.
> If i understand correctly, that is one of the features of RSSH. Is
> this a fairly simple processes to implement and updated via RPM's?
No. Setting up a chroot jail is complicated. The documentation
explains how to do it, but the exact steps are system-dependent, so
there is not (and never can be) a concise step-by-step procedure to
set it up. But if you have ever successfully set up complicated
software in the past, you should be able to follow the directions and
get it working.
> Also, will redhats openssh rpm updates in any way cause problems with rssh
> once it is installed and configured?
No, updates will not cause problems (unless they are buggy of course).
But, when you create a chroot jail, you will need to copy some of the
OpenSSH files into the jail. When you update, you will need to copy
the new versions of any files you copied before into the jail. Caveat
sysadmin...
> Thanks in advance for comments.
You're welcome!
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
|
